The present techniques relate to authentication of mobile applications, and more specifically, to authenticating mobile applications using policy files.
Recent years have seen a rise in hybrid mobile applications that mix web technologies (e.g., scripting and markup languages) and native technologies (e.g., operating-system-specific code). Such applications often use duplicated implementations of key modules: both a native and a web-based implementation. Specifically, a typical hybrid application interacting with a backend server from both web and native interfaces usually has two different implementations of a remote invocation and communication protocol module facilitating server interactions. For example, a JavaScript implementation can enable requests from an HTML5 part of an application, and a native implementation can serve native requests. Hybrid applications present a number of issues, such as developing and maintaining duplicated code, as well as synchronization issues when executing.
A hypertext transfer protocol (HTTP) state (typically cookies, headers, request/response parameters, etc.) may need to be synchronized between the web modules and the native modules of the application when communicating with the backend server; however, the web modules and the native modules use different protocol states. To allow for a smooth interaction with the backend server, the HTTP state has to be shared between the web and native modules; otherwise, the backend server will in essence be interacting with two distinct clients. Consider, for example, a cookie-based login module in the backend server, where a request originating from a native remote invocation module has to complete some authentication process before being granted access, represented by a session cookie. Even after that authentication is complete, a request generated from a web-based remote invocation module will have to go through the same authentication process, because the session cookie granted to the native module is missing from the web-based requests. This can result in a degraded user experience, such as requiring the user to log in twice.
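The double-login behavior described above, as an added example that is not part of the original text: a constructed in-memory backend with a cookie-based login module, and two remote-invocation clients that either keep separate cookie stores or share one. The `Backend`, `Client` and `run` names, the `/login` and `/data` paths, and the credentials are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie


class Backend:
    """Constructed stand-in for the backend server's cookie-based login module."""

    def __init__(self):
        self.sessions = set()  # session ids issued after successful authentication

    def handle(self, path, headers, credentials=None):
        jar = SimpleCookie(headers.get("Cookie", ""))
        sid = jar["session"].value if "session" in jar else None
        if sid in self.sessions:
            return 200, {}  # request carries a valid session cookie
        if path == "/login" and credentials == ("alice", "correct-horse"):
            sid = secrets.token_hex(16)
            self.sessions.add(sid)
            return 200, {"Set-Cookie": f"session={sid}; HttpOnly; Secure"}
        return 401, {}  # no session: this client must authenticate first


class Client:
    """One remote-invocation module (native or web) with its HTTP cookie store."""

    def __init__(self, backend, jar=None):
        self.backend = backend
        self.jar = jar if jar is not None else SimpleCookie()

    def request(self, path, credentials=None):
        cookie = "; ".join(f"{k}={m.value}" for k, m in self.jar.items())
        headers = {"Cookie": cookie} if cookie else {}
        status, resp = self.backend.handle(path, headers, credentials)
        if "Set-Cookie" in resp:
            self.jar.load(resp["Set-Cookie"])  # store the granted session cookie
        return status


def run(shared_state):
    """Native module logs in; both modules then request /data. Returns both statuses."""
    backend = Backend()
    native = Client(backend)
    # Assumption: "sharing HTTP state" is modeled as both modules using one cookie store.
    web = Client(backend, jar=native.jar if shared_state else None)
    native.request("/login", credentials=("alice", "correct-horse"))
    return native.request("/data"), web.request("/data")
```
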